Remarks 
Status of Claims 

Claims 1-15 are pending in the application. Claims 1, 4 ? 5, and 6 are in 
independent form. The final Office action rejected claims 1-15 under 35 U.S.C. § 102(b) 
as allegedly being anticipated by U.S. Patent No. 5,884,270 ("Walker"). 

Drawings 

Three drawing sheets are submitted herewith. Figure 2 has been amended for 
clarity (see the annotated sheet). In addition, Figure 3 has been added for clarity. No new 
matter has been introduced. 

Support for the amendments to Figure 2 can at least be found in Figure 2 (as 
originally filed) and paragraphs [0035], [0036], [0037], [0038], and [0039] of the present 
application. 

Support for Figure 3 can at least be found in Figure 2 as originally filed (note the 
box in the lower right side of originally filed Figure 2 starting with "Authentex and 
Validator agree on queries to be asked of Validator's system"), paragraphs [0035], [0036], 
[0037], [0038], and [0039] of the present application, and originally filed claims 1, 4, and 
5. 

Specification 

Paragraphs [0035], [0036], and [0037] have been amended. Paragraphs [0020a], 
[0039a], and [0039b] are new. No new matter has been introduced. 

Support for the amendments to paragraphs [0035] and [0036] can at least be found 
in originally filed paragraph [0035] , box 3 of originally filed Figure 2, the box in the 
bottom center of originally filed Figure 2 starting with "Real-time Interactions," and 
Figure 2 of U.S. Provisional Patent App. No. 60/244,422, filed October 30, 2000 (which 
was incorporated by reference in its entirety into the present application). 

Support for the amendments to paragraph [0037] can at least be found in box 2 of 
originally filed Figure 2 and the box in the lower right side of originally filed Figure 2 
starting with "Authentex and Validator agree on queries to be asked of Validator's 
system." 

Support for new paragraphs [0020a], [0039a], and [0039b] can at least be found in 
Figure 2 as originally filed (note the box in the lower right side of originally filed Figure 2 
starting with "Authentex and Validator agree on queries to be asked of Validator's 
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system"), paragraphs [0027], [0035], [0036], [0037], [0038], and [0039] of the present 
application, and originally filed claims 1, 4, and 5. 



Prior Art Rejection 

Brief Summary of Walker 
Walker discloses a "system for facilitating employment searches using anonymous 
communications [that] includes a plurality of party terminals [300], a plurality of requestor 
terminals [400], and a central controller [200]." Walker, Abstract. A job seeker (the 
party) can enter data {e.g., their resume) via a party terminal 300. Walker, col. 7, lines 33- 
35. The job seeker's data is stored in party data base 255. Walker, col. 8, lines 25-28. 
Likewise, an employer (the requestor) can enter data {e.g., fiscal info., building locations, 
number of employees) via a requestor terminal 400. Walker, col. 7, lines 43-46. The 
employer's data is stored in requestor data database 260. Walker, col. 8, lines 25-28. 
Thus, as shown in Figure 2, Walker discloses a central database of information supplied 
by job seekers and employers. Walker, col. 4, lines 17-20. The data is stored locally and 
is fully accessible to the central controller. Further, the data is not generated during the 
ordinary course of business. Instead, the data is voluntarily entered by the job seekers and 
employers leaving open the possibility of fudging the data. 
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The employer can search the party database 255 to identify job seekers matching 
the search criteria. Walker, col 8, lines 51-53. For example, an employer could search 
for candidates having two years of patent writing experience living in New England. 
Walker, col. 8, lines 57-58. To preserver the anonymity of the job seekers, the central 
controller 200 first asks the job seeker whether the job seeker's information can be 
released before sending the information to the employer. Walker, col. 16, lines 33-37. 
For example, after performing a search, the employer may request to see the party data for 
each hit. If one of the hits is a currently employee, that employee may not want their 
current employer to know they are searching for a new job and may not authorize the 
release of information. Walker, col. 16, lines 62-67. 

The central controller 200 can also establish an anonymous communications 
channel between the employer and the candidates. Walker, col. 18, lines 29-31. The 
communication channel allows the party and the requestor to reveal or request information 
to and from each other while ensuring anonymity. Walker, col. 18, lines 31-34. 

Thus, a goal of Walker's invention is to "provide a communication system 
incorporating a central database of information supplied by one or more parties and 
managed by a central administrator where all parties to the system can manage and control 
the release of any or all information about themselves or their identities, and where such a 
system allows for electronic-based communications between the parties without the 
necessity of revealing the identity of either party.'" Walker, col. 4, lines 17-25. 

Section 102 Rejections 
The final Office action rejected claim 1-15 under 35 U.S. C. § 102(b) as allegedly 
being anticipated by Walker. Applicant respectfully traverses. 

Claim 6 

Claim 6 has been amended to refer to (with emphasis added): 

6. A method of authenticating the putative identity of a subject who is an 
individual, the method comprising the steps of: 

negotiating a predetermined set of permitted types of queries with an 
owner of an independent, remote, third-party database, the independent, 
remote, third-party database including identifying information associated 
with the subject; 

providing a database interface for interacting with the independent, 
remote, third-party database without storing any significant portion of the 
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third-party database locally , and wherein the interaction is limited to 
submitting a query among the predetermined set of permitted types of 
queries, and receiving from the third-party database a response to the 
permitted query; 

receiving identifying information associated with the subject to 
authenticate his identity, the received identifying information including at 
least one item of information sufficient to form one of the permitted types of 
queries; 

forming a permitted type of query based on the received identifying 
information; 

transmitting the formed query to the remote, third-party database; and 
receiving a response from the remote, third-party database wherein 
the database interface does not otherwise provide access to the remote, third- 
party database, so that privacy of the remote, third-party database content 
remains under control of its owner. 

Without any explanation of how or why the portions of Walker anticipate the 
various elements of claim 6, the Office action simply rejects claim 6 in its entirety citing 
Fig. 2A, col. 7, line 33 — col. 9 5 line 25 ? col. 15, line 25 - [sic], and col. 16, lines 20 - 42. 
This rejection should be withdrawn for several reasons. 

Walker Does Not Teach 
An Independent, Remote, Third-Party Database 

Claim 6 refers to "an independent, remote, third-party database" (quoting claim 6). 
By way of example, and not by limitation, identifying information comes from multiple 
third-party databases that have gathered that information in the ordinary course of their 
business or other relationships and dealings with the subject (e.g., a bank, a credit bureau, 
a credit card company, a utility company, etc.). Present Application, [0026] and 
[0037]. For example, the subject and the independent, remote, third-party database 
establish a face-to-face interaction when the subject opens a bank account. Present 
Application, Figure 2 (original). Out-of-wallet data is generated about the subject at each 
subsequent transaction. Id. Thus the data stored within the independent, remote, third- 
party database is assembled and controlled by its owner - not by the subject. 

In contrast, Walker's databases are not "independent, remote, third-party 
databases" (quoting claim 6). As show r n in Figure 2, Walker discloses a central database 
of information supplied by job seekers and employers . Walker, col. 4, lines 17-20. The 
data in Walker is stored locally , not remotely . Further, the data in Walker is not generated 
during the ordinary course of business. Instead, the data is voluntarily entered by the job 
seekers when they use Walker's system to find a job. 
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Walker Stores All Information Locally 
Claim 6 refers to "providing a database interface for interacting with the 
independent, remote, third-party database without storing any significant portion of the 
third-party database locally " (quoting claim 6 with emphasis added). As shown in 
Walker's Figure 2, all information is stored locally . 

Walker Does Not Teach 
Negotiating A Predetermined Set of 
Permitted Types Of Queries With An Owner Of 
The Independent, Remote Third-Party Database 

Claim 6 refers to "negotiating a predetermined set of permitted types of queries 
with an owner of an independent, remote, third-party database, the independent, remote, 
third-party database including identifying information associated with the subject" 
(quoting claim 6). By way of example, and not by limitation, the "query has been licensed 
for a specific use." Present Application, ^ [0026]. The actual question and scope of the 
query depend on the authentication services being provided. Id. The ability to control the 
types of queries being made against the database provides many database provides the 
incentive, or at least comfort level, to make their database available. Present Application, 
If [0029] . The independent database operator can authorize a query to access whatever 
level of information they are comfortable with. Id. 

Applicant does not see where Walker teaches "negotiating a predetermined set of 
permitted types of queries with an owner of an independent, remote, third-party database, 
the independent, remote, third-party database including identifying information associated 
with the subject" (quoting claim 6). In Walker, the employer can search by any criteria. 
The criteria may include employment qualifications or education background that the 
employer is interested in. Walker, col. 16, lines 1-6. In fact, depending on the number of 
candidates found, the employer may refine or modify the search criteria. Walker, col. 16, 
lines 15-16. Thus, Walker does not teach "negotiating a predetermined set of permitted 
types of queries with an owner of an independent, remote, third-party database, the 
independent, remote, third-party database including identifying information associated 
with the subject" (quoting claim 6). 
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Walker's Database Owner Does Not 
Control The Privacy Of The Database 

Claim 6 refers to "receiving a response from the remote, third-party database 
wherein the database interface does not otherwise provide access to the remote, third-party 
database, so that privacy of the remote, third-party database content remains under control 
of its owner/" (quoting claim 6). By way of example, but not by limitation, the 
verification engine allows legitimate access to personal data concerning a subject being 
authenticated, but it keeps others from browsing. Authentication clients are only licensed 
for specific queries. Queries designed to browse database records or "read-out" 
information are not enabled by the verification engine. Present Application, | [0017]. The 
more sensitive out-of-wallet data, such as creditworthiness and credit card information, 
remains in the hands of companies that naturally hold that information. Although the 
verification engine will know the results of the queries, the information itself is never 
directly accessible by the verification engine or the authentication client. The verification 
engine simply provides a gateway to the information, thus offering a workable 
compromise between authentication and privacy. Present Application, [0033]. 

In Walker, the central controller 200 has full access to the data in the databases. In 
fact. Walker describes using keyword and natural language searches. Walker, col. 8, lines 
54-56. In addition, in Walker the central controller 200 does not control the privacy of the 
data - instead the party or requestor determine the available data. The final Office action 
at page 3 acknowledges this by stating that Walker's system "allows [the] user to exercise 
control over information release to others/' Thus Walker does not disclose "receiving a 
response from the remote, third-party database wherein the database interface does not 
otherwise provide access to the remote, third-party database, so that privacy of the remote, 
third-party database content remains under control of its owner." (quoting claim 6). 

For at least the above reasons, the Office action does not provide evidence that 
Walker anticipates claim 6. Accordingly, claim 6 and its respective dependent claims are 
patentable over Walker. 
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Claims 1 , 4, and 5 
Claim 1 has been amended to refer to (with emphasis added): 

1. A user authentication system comprising: 

an authentication client for requesting authentication of a subject; 

a client interface to receive the authentication request from the 
authentication client; 

multiple independently operated databases, each database storing 
information associated with the subject , the associated information being 
accessible only through predefined queries to identify the subject , the 
predefined queries defined in advance by agreement with owners of each of 
the multiple independently operated databases ; and 

a verification engine for facilitating authentication of the subject by 
receiving the authentication request, selecting one or more of the predefined 
queries, presenting the one or more selected queries to the subject via the 
authenticating client , receiving from the subject an answer to each of the one 
or more selected queries, and presenting the answer to each of the multiple 
independently operated databases for a validation response. 

Walker Does Not Teach 
Multiple Independently Operated Databases, 
Each Database Storing Information Associated With The Subject 

Claim 1 refers to " multiple independently operated databases , each database 
storing information associated with the subject" (emphasis added). By way of example, 
and not by limitation, information associated with the subject comes from multiple 
independently operated databases that have gathered that information in the ordinary 
course of their business or other relationships and dealings with the subject (e.g., a bank, a 
credit bureau, a credit card company, a utility company, etc.). Present Application, 
[0026] and [0037]. For example, the subject and the multiple independently operated 
databases can establish a face-to-face interaction when the subject opens a bank account. 
Present Application, Figure 2 (original). Out-of- wallet data is generated about the subject 
at each subsequent transaction. Id. 

In contrast, Walker does not disclose "multiple independently operated databases" 
(quoting claim 1). As shown in Walker's Figure 2, Walker teaches a central database of 
information supplied by job seekers and employers . Walker, col. 4, lines 17-20. 

In addition, claim 1 refers to "multiple independently operated databases, each 
database storing information associated with the subject ' ' (emphasis added). By way of 
example, and not by limitation, because the information is stored in multiple unrelated 
databases, it becomes extremely difficult for an identity thief or other criminal to place 
false data in all of the independent databases. Present Application, If [0034]. 
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Applicant does not see where Walker teaches "multiple independently operated 
databases, each database storing information associated with the subject" (quoting claim 
1). While Walker describes a party data database 255, requestor data database 260, 
verification database 270, and account database 275, these databases do not each store 
information associated with the subject. Instead the databases contain different data. For 
example, the party data database 255 includes the job applicant's data, such as 
employment history and education history, while the requestor data database 260 includes 
the company's data, such as the company history and financial profile. See Figure 2B of 
Walker. Thus, Walker does not teach "multiple independently operated databases, each 
database storing information associated with the subject" (quoting claim 1), 

Walker Does Not Teach 
Predefined Queries Defined In Advance 
By Agreement With Owners Of Each Of The Multiple 
Independently Operated Databases 

Claim 1 refers to "the predefined queries defined in advance by agreement with 

owners of each of the multiple independently operated databases" (quoting claim 1). By 

way of example, and not by limitation, the queries can be licensed for a specific use. 

Present Application, % [0026]. The actual question and scope of the queries depend on the 

authentication services being provided. Id. The ability to control the types of queries 

being made against the database provides many database provides the incentive, or at least 

comfort level, to make their database available. Present Application, f [0029]. The 

independent database operator can authorize queries to access whatever level of 

information they are comfortable with. Id. 

Applicant does not see where Walker teaches "the predefined queries 

defined in advance by agreement with owners of each of the multiple independently 

operated databases" (quoting claim 1). In Walker, the employer can search by any criteria. 

The criteria may include employment qualifications or education background that the 

employer is interested in. Walker, col. 16, lines 1-6. In fact, depending on the number of 

candidates found, the employer may refine or modify the search criteria. Walker, col. 16, 

lines 15-16. Thus, Walker does not teach "the predefined queries defined in advance by 

agreement with owners of each of the multiple independently operated databases" (quoting 

claim 1). 
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Walker Does Not Teach 
A Verification Engine For Facilitating Authentication Of The Subject By 
Presenting The One Or More Selected Queries To The Subject 
Via The Authentication Client 

Claim 1 refers to "a verification engine for facilitating authentication of the subject 
by receiving the authentication request, selecting one or more of the predefined queries, 
presenting the one or more selected queries to the subject via the authenticating client , 
receiving from the subject an answer to each of the one or more selected queries, and 
presenting the answer to each of the multiple independently operated databases for a 
validation response" (quoting claim 1 with emphasis added). 

Applicant does not see where Walker teaches "a verification engine for facilitating 
authentication of the subject by . . . presenting the one or more selected queries to the 
subject via the authenticating client " (quoting claim 1 with emphasis added). First, the 
final Office action is unclear as to where Walker anticipates the authentication client of 
claim 1. The final Office action points to col. 7, lines 33-52 of Walker which discuses the 
party terminal 300, the central controller 200, and the requestor terminal 400. In addition, 
the final Office action points to col. 15, lines 26-50 which also discusses the party terminal 
300, the central controller 200, and the requestor terminal 400. Applicant's best guess is 
that the Office alleges that the central controller 200 anticipates the "authentication client' 5 
of claim 1 and alleges that the party terminal 300 anticipates the "subject" of claim 1 . If 
this is so, Applicant does not see where Walker teaches " a verification engine for 
facilitating authentication of the subject by . . . presenting the one or more selected queries 
to the subject via the authenticating client " (quoting claim 1 with emphasis added). 
Having failed to identify each and every element of claim 1, the final Office action has not 
established a prima facie case of anticipation. Celeritas Techs. Inc. v. Rockwell Ini 7 
Corp., 150 F.3d 1354, 1360 (Fed. Cir. 1998) (a rejection based on prior art must account 
for each and every claim limitation). 

For at least the above reasons, the final Office action does not provide evidence 
that Walker anticipates claim 1. Accordingly, claim 1 and its respective dependent claims 
are patentable over Walker. 

Claim 4 and its respective dependent claims are patentable over Walker for similar 
reasons. In addition, claim 4 refers to "a verification engine to receive from the 
authentication subject, via the authentication client, an answer to each of the predefined 
queries, to obtain from each of the plurality of independent database systems a 
corresponding authentication confidence for each answer, and to combine the 
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corresponding authentication confidence for each answer into a combined authentication 
confidence ." (quoting claim 4 with emphasis added). Applicant does not see where 
Walker teaches "a verification engine ... to combine the corresponding authentication 
confidence for each answer into a combined authentication confidence /' In fact, 
"authentication confidence" does not even appear in Walker. For at least these reasons, 
the final Office action does not provide evidence that Walker anticipates claim 4. 

Likewise, claim 5 and its respective dependent claims are patentable over Walker 
for similar reasons. 

Claims 2, 19, and 21 

Claim 2 refers to "the system of claim 1 wherein the associated information in the 
multiple independently operated databases includes out-of-w r allet data identifying the 
subject." (quoting claim 2 with emphasis added). By way of example, and not by 
limitation, "out-of-wallet data is information about you that would take you a little effort 
to find out, but that you probably have in your filing system or somewhere equally 
accessible with some effort. It includes information such as the amount of the last 
transaction with your checkbook or credit card, the holder and amount of your mortgage, 
your credit rating, your bank balance, and the like." Present Application, % [0006]. 

The final Office action alleges that col. 8, line 51 to col. 9, line 5 of Walker 
anticipates claim 2. However, Applicant does not see where Walker discusses out-of- 
wallet data at this point (or elsewhere). In fact, "out-of-wallet data" or "wallet" do not 
even appear in Walker. For at least these reasons, the final Office action does not provide 
evidence that Walker anticipates claim 2. Accordingly, claim 2 is patentable over Walker. 

For similar reasons claims 19 and 21 are patentable over Walker. 

Claims 16 and 18 

Claim 16 refers to "the system of claim 1 wherein the authentication client includes 
an electronic commerce site" (quoting claim 16). Applicant does not see where Walker 
discusses an electronic commerce site. In fact, "electronic commerce site" or "electronic 
commerce" do not even appear in Walker. For at least these reasons, the final Office 
action does not provide evidence that Walker anticipates claim 16. Accordingly, claim 16 
is patentable over Walker. 

For similar reasons claim 18 is patentable over Walker. 
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Conclusion 

In view of the foregoing, the Applicant submits that all claims are in condition for 
allowance. Therefore issuance of the Notice of Allowance is respectfully requested. The 
Examiner is welcome to call the undersigned to discuss any aspect of this application. 



Respectfully submitted, 
RAF Technology, Inc. 



Nathan D. Scherer 
Registration No. 58,460 

STOEL RIVES LLP 
900 SW Fifth Avenue, Suite 2600 
Portland, OR 97204-1268 
Telephone: (503)224-3380 
Facsimile: (503) 220-2480 
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